Refactor Github Action per b/485167538

[google-admin]

This is a http://go/LSC run by http://go/ghss to automatically refactor your Github Actions per http://b/485167538.

This is a PR to help you upgrade to the latest standards in Github Actions.

Please merge this PR to accept the changes. NOTE: if you do not accept this PR, it may be force merged by the GHSS team. See http://b/485167538 for more details.

[gemini-cli]

Hi @google-admin, thank you so much for your contribution to Gemini CLI! We really appreciate the time and effort you've put into this.

We're making some updates to our contribution process to improve how we track and review changes. Please take a moment to review our recent discussion post: Improving Our Contribution Process & Introducing New Guidelines.

Key Update: Starting January 26, 2026, the Gemini CLI project will require all pull requests to be associated with an existing issue. Any pull requests not linked to an issue by that date will be automatically closed.

Thank you for your understanding and for being a part of our community!

[gemini-cli]

Hi there! Thank you for your contribution to Gemini CLI.

To improve our contribution process and better track changes, we now require all pull requests to be associated with an existing issue, as announced in our recent discussion and as detailed in our CONTRIBUTING.md.

This pull request is being closed because it is not currently linked to an issue. Once you have updated the description of this PR to link an issue (e.g., by adding Fixes #123 or Related to #123), it will be automatically reopened.

How to link an issue:
Add a keyword followed by the issue number (e.g., Fixes #123) in the description of your pull request. For more details on supported keywords and how linking works, please refer to the GitHub Documentation on linking pull requests to issues.

Thank you for your understanding and for being a part of our community!

[gemini-code-assist]

Summary of Changes

Hello @google-admin, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request systematically refactors several GitHub Actions to align with updated best practices for variable handling. The primary change involves transitioning from direct interpolation of GitHub Actions inputs and step outputs within run scripts to using explicitly defined environment variables. This change enhances consistency, readability, and potentially the robustness of the shell commands executed within these actions.

Highlights

• GitHub Actions Refactoring: All modified GitHub Actions have been refactored to pass input variables and step outputs into the env block before being used within run scripts. This standardizes how variables are accessed within shell commands.
• Improved Variable Handling: Direct interpolation of ${{ inputs.variable-name }} or ${{ steps.step_id.outputs.output_name }} within run commands has been replaced with references to environment variables (e.g., ${INPUTS_VARIABLE_NAME}).

Changelog

• .github/actions/create-pull-request/action.yml
  • Refactored input variable usage to leverage environment variables within the run step for creating pull requests.
• .github/actions/npm-auth-token/action.yml
  • Refactored input variable usage to leverage environment variables within the run step for determining NPM authentication tokens.
• .github/actions/publish-release/action.yml
  • Refactored input and step output variable usage to leverage environment variables within run steps for release branch creation, package version updates, NPM publishing, and GitHub release creation.
• .github/actions/push-docker/action.yml
  • Refactored input and step output variable usage to leverage environment variables within run steps for Docker image tagging and pushing.
• .github/actions/push-sandbox/action.yml
  • Refactored input and step output variable usage to leverage environment variables within run steps for sandbox image tagging, building, and publishing.
• .github/actions/setup-npmrc/action.yml
  • Refactored input variable usage to leverage environment variables within the run step for setting up the NPMRC file.
• .github/actions/tag-npm-release/action.yml
  • Refactored input variable usage to leverage environment variables within run steps for NPM distribution tag management and dry run logging.
• .github/actions/verify-release/action.yml
  • Refactored input variable usage to leverage environment variables within run steps for verifying NPM package versions.

Ignored Files

• Ignored by pattern: .github/workflows/** (8)
  • .github/workflows/chained_e2e.yml
  • .github/workflows/ci.yml
  • .github/workflows/deflake.yml
  • .github/workflows/eval.yml
  • .github/workflows/evals-nightly.yml
  • .github/workflows/release-patch-3-release.yml
  • .github/workflows/release-promote.yml
  • .github/workflows/trigger_e2e.yml

Activity

• This pull request was automatically generated by http://go/LSC run by http://go/ghss to refactor Github Actions.
• The changes are intended to upgrade Github Actions to the latest standards.
• The PR description indicates that it may be force merged by the GHSS team if not accepted.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request contains automated refactoring to improve the security of your GitHub Actions. The changes replace direct context interpolation in run scripts with environment variables, which is a best practice to prevent shell injection vulnerabilities. I have reviewed the changes across all modified action files and they have been applied correctly and consistently. This is a valuable security improvement and the pull request is ready to be merged.